Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerabilities / Threats posted in May 2021
Page 1 / 3   >   >>
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
Quick Hits  |  5/28/2021  | 
A new study examines the tools and technologies driving investment and activities for security operations centers.
SolarWinds Attackers Impersonate USAID in Advanced Email Campaign
News  |  5/28/2021  | 
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.
Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection
Quick Hits  |  5/28/2021  | 
Researchers from Claroty today detailed the memory vuln they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs.
Plug-ins for Code Editors Pose Developer-Security Threat
News  |  5/28/2021  | 
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
Commentary  |  5/28/2021  | 
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
'Have I Been Pwned' Code Base Now Open Source
Quick Hits  |  5/27/2021  | 
Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.
BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims
Quick Hits  |  5/27/2021  | 
The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.
Acronis: Pandemic Hastened Cloud Migration, Prompting New Security Issues
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- The COVID-19 pandemic has accelerated an ongoing shift in data away from business data centers to home offices and the cloud, explains Candid Wust, VP of cyber protection research for Acronis.
Let's Stop Blaming Employees for Our Data Breaches
Commentary  |  5/27/2021  | 
Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.
Prevention Is the Only Cure: The Dangers of Legacy Systems
Commentary  |  5/27/2021  | 
Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong.
ExtraHop Explains How Advanced Threats Dominate Threat Landscape
Commentary  |  5/27/2021  | 
SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.
Google Discovers New Rowhammer Attack Technique
Quick Hits  |  5/26/2021  | 
Researchers publish the details of a new Rowhammer vulnerability called "Half-Double" that exploits increasingly smaller DRAM chips.
Zscaler Buys Deception Technology Startup
Quick Hits  |  5/26/2021  | 
ZScaler's CEO says Smokescreen Technologies' capabilities will be integrated with Zscalers ZIA and ZPA products.
Bug Bounties and the Cobra Effect
Commentary  |  5/26/2021  | 
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
Messaging Apps: The Latest Hotbed in the Fraud Ecosystem
Commentary  |  5/26/2021  | 
Telegram and other secure messaging apps have become a haven for professional criminals to wreak havoc and turn a profit.
Orange: Your Leaky Security is Coming from Inside the House!
Commentary  |  5/26/2021  | 
SPONSORED: Your home WiFi router may be screaming fast, but it's also a major point of vulnerability in this work-from-home era, says Charl van der Walt, head of security research at Orange Cyberdefense. And while Zero Trust offers some relief, he offers up some how-to advice to ensure it's properly deployed.
Cloud Compromise Costs Organizations $6.2M Per Year
News  |  5/25/2021  | 
Organizations reported an average of 19 cloud-based compromises in the past year, but most don't evaluate the security of SaaS apps before deployment.
Russia Profiting from Massive Hydra Cybercrime Marketplace
News  |  5/25/2021  | 
An analysis of Bitcoin transactions from the Hydra marketplace show that the operators are locking sellers into Russian exchanges, likely fueling profits for local actors.
Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks
News  |  5/25/2021  | 
Security researchers at Mandiant have seen an increasing wave of relatively simplistic attacks involving ICS systems - and attackers sharing their finds with one another - since 2020.
MacOS Zero-Day Let Attackers Bypass Privacy Preferences
Quick Hits  |  5/25/2021  | 
Apple has released security patches for vulnerabilities in macOS and tvOS that reports indicate have been exploited in the wild.
Russian Sentenced to 30 Months for Running Criminal Website
Quick Hits  |  5/25/2021  | 
FBI says sales from illicit online shop deer.io exceeded $17 million
Your Network's Smallest Cracks Are Now Its Biggest Threats
Commentary  |  5/25/2021  | 
Bad actors have flipped the script by concentrating more on low-risk threats. Here's how to address the threat and the tactics.
The Adversary Within: Preventing Disaster From Insider Threats
Commentary  |  5/25/2021  | 
Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.
Businesses Boost Security Budgets. Where Will the Money Go?
News  |  5/25/2021  | 
Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.
Former FBI Employee Indicted for Taking Documents Home
Quick Hits  |  5/24/2021  | 
The long-time intelligence analyst was accused of inappropriately handling documents related to national security.
Air India Confirms Data of 4.5M Travelers Compromised
Quick Hits  |  5/24/2021  | 
Affected data includes names, birthdates, contact information, passport details, and credit card data, the airline reports.
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Commentary  |  5/24/2021  | 
SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.
As Threat Hunting Matures, Malware Labs Emerge
Commentary  |  5/24/2021  | 
By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.
Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise
News  |  5/24/2021  | 
A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable?
Data in Danger Amid New IT Challenges
Quick Hits  |  5/21/2021  | 
Survey finds new threats due to the pandemic make managing enterprise cyber-risk even more challenging.
FBI Issues Conti Ransomware Alert as Attacks Target Healthcare
Quick Hits  |  5/21/2021  | 
Officials have identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks.
Latest Security News From RSAC 2021
News  |  5/21/2021  | 
Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021.
Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations
News  |  5/20/2021  | 
When implemented correctly, threat hunting can help organizations stay head of threats, researcher says at RSA Conference.
Maricopa County CISO: Online Misinformation/Disinformation in 2020 Election a 'Gamechanger'
Quick Hits  |  5/20/2021  | 
Custom playbooks played a key role in the Arizona election jurisdiction's security strategy.
100M Users' Data Exposed via Third-Party Cloud Misconfigurations
Quick Hits  |  5/20/2021  | 
Researchers who examined 23 Android apps report developers potentially exposed the data of more than 100 million people.
Security Providers Describe New Solutions (& Growing Threats) at RSAC
Commentary  |  5/20/2021  | 
SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
3 Ways Anti-Vaxxers Will Undercut Security With Misinformation
Commentary  |  5/20/2021  | 
Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.
Cobalt Strike Becomes a Preferred Hacking Tool by Cybercrime, APT Groups
News  |  5/19/2021  | 
Incident response cases and research show how the red-team tool has become a become a go-to for attackers.
Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws
News  |  5/19/2021  | 
Research underscores the acceleration of attack activity and points to a growing concern that defenders can't keep pace.
Colonial Pipeline CEO Confirms Ransom Payment
Quick Hits  |  5/19/2021  | 
CEO Joseph Blount says the $4.4 million payment was a necessary decision amid high-stakes infrastructure disruption.
How to Adapt to Rising Consumer Expectations of Invisible Security
Commentary  |  5/19/2021  | 
Working from home has changed users' ideas about seamless security. Here's how to address them.
How Ransomware Encourages Opportunists to Become Criminals
Commentary  |  5/19/2021  | 
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.
How Attackers Weigh the Pros and Cons of BEC Techniques
News  |  5/18/2021  | 
Security researchers discuss attackers' evolving methodologies in business email compromise and phishing campaigns.
FBI's IC3 Logs 1M Complaints in 14 Months
Quick Hits  |  5/18/2021  | 
The FBI's IC3 reports COVID-related scams and an increase in online retail may be behind the upswing in complaints.
Why Anti-Phishing Training Isn't Enough
Commentary  |  5/18/2021  | 
Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.
How to Mitigate Against Domain Credential Theft
Commentary  |  5/18/2021  | 
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
Cisco Plans to Create 'Premium' SecureX Offering With Kenna Security Features
News  |  5/18/2021  | 
Executives from Cisco share insights on the networking giant's ambitious security strategy.
DarkSide Ransomware Variant Targets Disk Partitions
Quick Hits  |  5/17/2021  | 
A newly discovered DarkSide ransomware variant can detect and compromise partitioned hard drives, researchers report.
47% of Criminals Buying Exploits Target Microsoft Products
News  |  5/17/2021  | 
Researchers examine English- and Russian-language underground exploits to track how exploits are advertised and sold.
DDoS Attacks Up 31% in Q1 2021: Report
Quick Hits  |  5/17/2021  | 
If pace continues, DDoS attack activity could surpass last year's 10-million attack threshold.
Page 1 / 3   >   >>


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.